Anda di halaman 1dari 10

Intelligence-Sharing Gaps Remain the Single Biggest Obstacle to Securing the Homeland

The terrorist attacks that rocked our nation on December 12, 2012 were the most
devastating and complex in our nations history. Despite the bitter lessons of 9/11, certain small
but fatal gaps in our homeland security posture have persisted these gaps were ruthlessly and
effectively exploited by five teams of Quds Force-trained operatives on December 12. While the
total losses of these attacks are almost incalculable, more than 2,500 Americans died and some
$28 billion was lost in just 12 hours.
This report provides a timeline of the attacks, together with analysis of who the attackers
were and how they exploited gaps in everything from intelligence sharing to export control laws
to bring off the most audacious terrorist attack on our soil since 9/11.
The following gaps in our homeland security strategy must be decisively solved in order
to prevent a repeat of the 12/12 attacks:
* Intelligence sharing with foreign law enforcement agencies
* Improved maritime and air defense security
* A comprehensive national training program for dealing with active shooters
* Enhanced legislation designed to address the EMP threat
Factors Bearing on Solution-Situation
At the direction of the President, decisive action was taken by both the National Guard
and other federal agencies to respond to the attacks and speed recovery. The 12/12 attacks have
galvanized our nation and our people to ensure a safer and more secure future for the United
States. While the enhanced security measures now in place are temporary, the lessons learned
from the events of December 12 are enduring.

Final Case Study

Red Team Scenario: The 12/12 Attacks

Jason J. Wright
P ADM 802 Fall 2012

Dr. Robert McCreight

Pennsylvania State University

Executive Summary
On 12 December 2012, Iranian-sponsored sleeper cells from various groups including
Quds Force and Hezbollah initiated the most audacious and destructive series of terrorist
attacks in US history. Three small teams staged a series of guerilla-style assaults in Philadelphia,
Tampa and Minnesota that left 2,659 civilians dead and more than 3,000 maimed or wounded.
All but three of the attackers were killed, with two in custody and one still at large. In Chicago,
two small teams inflicted more than $28 billion in financial losses using less than $25,000 worth
of commercially available electronics equipment and a batch of homemade explosives; the
individuals responsible for the Chicago attacks also remain at large.
The 12/12 attacks were as bold as they were complex, and as ruthless as they were
devastating. By exploiting well-known (but overlooked) gaps in our homeland security posture
to conduct simultaneous asymmetric attacks on multiple and diverse targets, Iran succeeded in
bringing the War on Terrorism to our shores. By assassinating an Israeli diplomat in Los
Angeles, the Iranians also demonstrated their willingness to pursue their war with Israel on US
soil. Currently, the National State of Emergency allows the federal government to maintain
security through extraordinary means. While we are not under martial law per se, National
Guard soldiers patrol our streets while UAVs and fighter jets secure the skies. Emergency
legislation authorizing the issue of biometrically-enabled national identity cards for every citizen
and resident will likewise make us safer, especially with mandatory random ID checks in all
public places conducted by both Guard and law enforcement personnel. Some of these measures
are temporary while others are here to stay; none guarantee public safety indefinitely.
In addition to providing the reader with a timeline and analysis of the 12/12 attacks, this
case study is meant to provide answers to the following questions:

What were the mechanics of the 12/12 attacks? What lessons do the nuts and bolts of
these attacks hold for homeland security professionals as we move into the post-12/12

Which of our vulnerabilities legislative, regulatory or procedural did our enemies

exploit, and how did they leverage them against us?

How did US intelligence-sharing gaps contribute to the success of these attacks?

While we failed to prevent the 12/12 attacks, understanding what we did wrong is as important
as confirming what we did right. Within the context of the December 12 tragedy, this case study
will do just that.
Background: Impetus for the 12/12 Attacks
On 7 December 2012, Israel launched a series of daring nighttime airstrikes on uranium
enrichment facilities at Natanz and Fordo. Five strike packages of two planes each flew through
Saudi airspace, re-fueling en route. Each of the F15 jets carried an Israeli version of the GBU-28
bunker buster bomb. While the airstrikes were successful in knocking both facilities out of
service, the Israeli decision to suppress Iranian Integrated Air Defense Systems (IADS) with both

submarine-launched cruise missiles and UAVs designed to spoof IADS-associated radar

systems convinced the Iranian Supreme Council that the US was directly involved in the attacks
(Marcus, 2012). The Iranians managed to shoot down two of the attack aircraft on 7 December;
the next day, Fars News Agency broadcast images of a captured pilot in a US-type flight suit
who was identified as a US Air Force officer. Both Al Jazeera and the BBC picked up the story
and ran with it despite repeated denials from President Obama.
In the days immediately following the attacks, violent protests were staged at US
Embassies around the globe; in South Sudan, thousands of protesters overwhelmed the
undermanned and poorly-trained South Sudanese police. The newly-established American
Embassy at Juba was evacuated less than an hour before it was overrun and burned to the
ground. In Sarajevo, protesters attempted to storm the American Embassy but were driven back
by US Marines and local national security guards. Similar scenes played out in Afghanistan,
Jakarta, and Caracas. The fact that no Americans were harmed at any of our Embassies is proof
positive that the bitter lessons of Benghazi were not lost on the State Department, who increased
both the quantity of their security personnel and the quality of their intelligence support to
security operations in the aftermath of the Benghazi debacle.
Despite the focus on the overseas threat, DHS placed the nation on high alert. Security
was stepped up at airports, train stations, and sea ports with specific emphasis on shipping
containers. State police set up checkpoints at key chokepoints around the country. We know
now that most (if not all) of the sleeper cells were already within one hours drive of their targets
at least two weeks before the 7 December bombings; we also know that the terrorists has selected
their targets using the same risk assessment methodologies that homeland security professionals
have used for years, and that those targets had been validated by Quds Force leadership well in
advance. Based upon both NSA and CYBERCOM analysis as well as an ongoing FBI
investigation, we believe the go code for 12/12 was posted in the comments section of an
internationally well-known online blog no later than 9 December, and that all of the vehicles
rented for the attacks were obtained by the night of the 10th.
Although it is unlikely we will ever obtain conclusive evidence linking the Iranian
government to December 12, neither the methodology of the attacks nor the ethnicity of several
of the attackers leaves much doubt.

Timeline of the Attacks

All of the attacks were complex in the sense that multiple modes of ingress were
utilized in conjunction with a diverse array of weapons and urban warfare tactics. We know that
some of the attackers were American citizens, and others were foreign citizens in the US legally.
We also know that at least two of the attackers were Iranian nationals who traveled to Venezuela
multiple times and were fluent in Spanish; these entered the US illegally, most likely over
Mexican land border. Four of the terrorists involved in the Tampa attacks were found dead
aboard an unregistered ship believed to come from Cuba.
Post-attack analysis and custodial interviews with two of the attackers confirm that
everyone in the group received some type of combat training and that the majority of group

members had previous insurgent and / or terrorist operational experience. The attackers used a
mix of legally and illegally-obtained semi-automatic and fully automatic weapons, including
several AK-74 rifles and HK MP-5 submachine guns. The US-made mil-spec hand grenades
used in the Mall of America attack were purchased illegally from a Fort Hood-based US Army
Staff Sergeant who converted to Islam after his third deployment to Iraq. During a custodial
interview, the Staff Sergeant stated that he was told the grenades would be used against military
targets within the United States.
Sunoco Petroleum Refinery, Philadelphia PA

7:47 AM EST

As the bleary-eyed third shift guards prepared for their relief to arrive, the main gate
guard shack was struck by a pickup truck armed with a small fertilizer-type bomb. With the rollaway gate out of action, a fully-loaded gasoline truck accelerated through the entrance and
directly into a petroleum storage tank. The resultant explosion killed dozens, with secondary
explosions ripping through the facility seconds later. These secondary explosions also ruptured
pipelines to pressurized tanks containing thousands of gallons of anhydrous hydrogen fluoride, a
highly toxic gas (Flynn, 2007). Within minutes, thousands of gridlocked commuters on the I-95
were enveloped in a cloud of highly toxic gas that caused seizures, burns and blindness. While
casualties would have been far worse in warmer weather, more than 1,900 died and thousands
more were hospitalized. 44 people were blinded permanently.
The leader of the group was a German national, a second-generation Iranian from
Hamburg who spent at least three months at a Quds Force camp in Sudan in 2003 and
participated in attacks on Iraqi oil refineries in 2004. Upon his return to Germany in 2005, he
completed his engineering degree and worked for a small firm in Germany until traveling to the
US in 2012. Since this individual had no criminal record in Germany, his name was not on any
watch list; as a German citizen, he was able to travel to Philadelphia without a visa. With a letter
of introduction from a radical German imam, he went to a Philadelphia mosque and made
contact with two Americans; one of these was a commercial truck driver with a clean record and
several years experience. With his imams financial support, he earned his HAZMAT
certification and soon found a job with a family-owned gasoline distributor. The third individual
had a job as a welder at the oil refinery; he was recruited by the imam to assist with target
reconnaissance at the refinery (Flynn).
What did we learn? Improved intelligence sharing with German federal immigration and
law enforcement authorities via the American Embassy in Berlin may have allowed the US to
identify the ringleader of this attack. German Bundesgrenzschutz (Federal Border Security)
conducted one secondary interview with the ringleader upon his return to Germany from Sudan
in 2003 and noted inconsistencies between his stated itinerary and his passport stamps, but this
information was neither shared with nor sought by the US. Although the Philadelphia JTTF had
the Philadelphia mosque listed as a location of interest, political and legal concerns raised by
local community activists kept local law enforcement authorities from conducting any
meaningful surveillance of the mosque or the bookstore / caf adjacent to it where the entire
team is believed to have met at least twice with the imam. According to an anonymous interview
with a Philadelphia police investigator, We were in a Catch-22 with the JTTF. Local
troublemakers kept us from doing surveillance on the mosque, and that in turn kept us from
gathering the kind of evidence that JTTF needs to authorize federal surveillance.

James A. Haley Veterans Hospital, Tampa FL

8:24 AM EST

Based upon initial reports from the hospital, Tampa police and fire department personnel
initially believed they were responding to a plane crash, and witnesses later reported seeing a
small plane fly into the third story of the James A. Haley Veterans Hospital in downtown
Tampa. Emergency responders did not attempt to confirm the report with local airports, where a
routine check of flight plans on file might have saved lives. The commercially available Penguin
B UAV that crashed into the main hospital building was equipped with a 7,500 cc (approx. 2
gallons) auxiliary fuel tank modified to hold Sarin gas (TBM, 2012). While the main hospital
building was evacuated, proper procedures for a toxic event were not observed. Although the
Tampa Fire Department trains its personnel to respond to toxic events, Chief Thomas E. Forward
later stated We just didnt expect something like this it was totally unprecedented for us.
While the main hospital building was evacuated, two adjacent buildings housing outpatients and
administrative staff were not. The Sarin gas was circulated to these buildings via the common
HVAC system shared by the entire hospital complex; a few hours later, more than 200 were
Upon discovering a US-flagged fishing trawler adrift some 8 nautical miles west of
Clearwater FL, US Coast Guard LT James Phelps of the USS Sawfish ordered his ship alongside
but saw no activity aboard. When he received no response from the ship, he sent a boarding
party to inspect the vessel. Once aboard, USCG personnel found four dead males and a strange
looking metal device. Autopsies revealed traces of Sarin in all four corpses, and site
exploitation confirmed that the metal device was a pneumatic catapult used to launch the
Penguin B UAV. Because the incident was initially treated as a crime scene (and not a sensitive
site exploitation), the four corpses spent three days in a city morgue before FBI got access to
them; subsequent analysis from the Miami JTTF revealed that all four crew members were
known Hezbollah associates.
While the ship was US-flagged, further inspection revealed that the ships documents to
be poor forgeries; investigators believe the ship came from Cuba. While Coast Guard policy
requires any suspicious vessel to be stopped and inspected, LT Phelps stated that the only reason
he stopped this particular boat was because it appeared to be adrift. In any event, he believed
that the UAV was probably launched from more than 12 miles out to sea, in which case he would
likely not have even seen the ship. Either way, stated Phelps, there are no radar systems or
procedures in place to detect something like a UAV being launched from a boat. Anybody with
a boat and the money to buy a UAV could have done it. (Owen, 2012)
What did we learn? While the precursors for Sarin are export-controlled and their sale
within the US is monitored, there are no mechanisms in place to prevent another state (e.g.,
Cuba) from importing the necessary chemicals without triggering any export control alerts.
Moreover, the precursors for Sarin have a host of industrial uses (including wood preservation
and water purification), and access to these chemicals is not always tightly controlled
especially in Caribbean countries and in Latin America (FANPP, 2012). The US Coast Guard is
chartered to protect our national coastlines and maritime areas from a variety of threats. In
Florida, the Coast Guard is primarily focused on interdiction of refugees and drug smugglers; the
boat used by the Hezbollah operatives to attack the veterans hospital did not fit the profile of
vessels used for smuggling. Neither the Coast Guard nor the FAA have any systems in place to
track the movement of slow-moving, low-altitude aircraft like the Penguin B UAV from

offshore. While often overlooked in homeland security discussions, the Civil Air Patrol has a
limited but relevant capability to assist both DHS and the US Air Force with patrolling US
airspace (GAO, 2012). While nothing short of a fighter jet interceptor could have prevented this
specific UAV attack, the event points up the importance of including all stakeholders in
homeland security functions.
Thanks to the proximity of MacDill Air Force Base, emergency responders were able to
obtain more than 3,500 Atropine injectors on very short notice from the U.S. military and save
thousands of lives. In addition, the state maintains a large supply of powdered Atropine at a
CDC facility in Miami for response to mass-casualty events involving nerve agent (Dix, et. al.

Mall of America, Bloomington MN

12:42 AM CST

During the lunch hour at a crowded Mall of America (MOA) food court, a group of six
individuals four male and two female simultaneously detonated themselves using highexplosive fragmentation-type suicide vests. While only 60 people were killed by these blasts,
many more were wounded by shrapnel. As hundreds of people began running towards the exits
or seeking cover, a group of four shooters armed with assault rifles, machine guns and hand
grenades began attacking into the crowd while a second group of four shooters prevented both
security and emergency personnel from entering the food court area by using smoke grenades
and firing from pre-selected defilade positions. According to one Persian-speaking witness, the
shooters used verbal signals to notify each other of movement and reloading; police responding
to the incident stated that the shooters utilized bounding movements and covering fire, as well.
By the time the shooters were neutralized by police snipers, 179 people lay dead and more than
210 were hospitalized with wounds.
Shopping malls are designed to be easily accessible for both vehicles and pedestrians, and
their internal layout is usually designed to facilitate freedom of movement. In addition to its
symbolic value (MOA is the biggest mall in the US and is owned by an Iranian Jewish family
from Canada), the mall offered terrorists an optimal target for maximizing casualties (Black,
2006). While MOA security personnel are well-trained to identify and detain suspicious
individuals, neither the suicide team nor the assault team dressed or behaved in a suspicious
manner. The suicide teams bulky clothing was totally appropriate for December in Minnesota,
and the assault team selected weapons like the AK-74 and HK MP-5, both of which feature
collapsible stocks and high rates of fire.
What did we learn? MOA has received multiple terrorist threats over the years, and
MOA security personnel have a well-earned reputation for taking their jobs seriously; indeed,
some have accused them of being overly zealous in their duties (Schulz, 2011). In many
respects, MOA can be considered a hard target for terrorists due to vigilant security personnel
and the presence of a police station within the mall itself. Moreover, MOAs security
department has a good working relationship with JTTF Minneapolis. Two of the attackers were
employed at MOA shops and two others worked for MOA as maintenance workers, giving them
enhanced access to and freedom of movement in the mall; all of these individuals were American

citizens and none had a criminal record. The other six attackers traveled to the mall separately
and entered through different entrances; none exhibited any of the alerting behaviors that mall
security personnel are trained to look for, and all were able to enter the food court without
While this attack probably could not have been prevented, the majority of the casualties
were inflicted after the suicide vests were detonated. Two of the victims both Army Reservists
were shot dead trying to disarm one of the shooters. Most of the victims were shot while
running away from their killers. While running away from shots or attempting to disarm the
attacker are understandable, they are not consistent with the lessons learned from recent active
shooter incidents in Colorado or Fort Hood. DHS has published training aids for how to cope
with an active shooter scenario, but the extent to which this training is read or heeded by the
average American is unclear. DHS should partner with states and localities to ensure that this
type of information is taught in schools, universities, and at all large employers.

Chicago Board Options Exchange, Chicago IL

8:22 PM CST

After the close of an already-disastrous day for the markets, the Chicago Board Options
Exchange (CBOE) suffered a complete loss of both its primary and backup data centers at
exactly 8:22 PM, Central Standard Time. Two large, high-explosive type Electromagnetic Pulse
(EMP) bombs were detonated at CBOEs primary location in downtown Chicago and the data
backup center in the Chicago suburbs. Only the trucks carrying the bombs were seriously
damaged and nobody was harmed. While the lost trading data was restored within 48 hours,
CBOE was forced to announce an unplanned halt to trading that resulted in an estimated $28
billion in losses. The suspects fled the scene and remain at large.
What did we learn? Despite the threat posed by EMPs like the one that crippled the
largest US securities exchange, there are no federal laws prohibiting the assembly or possession
of such a device and only Michigan has enacted a state law against them (Mumm, 2012). The
CBOE attack demonstrates the need for the US to increase the resiliency of its electronic and
communications infrastructure by passing laws requiring critical nodes (like CBOE and its data
backup center) to be hardened against such attacks. While laws in and of themselves cannot
prevent crime, they can call attention to a criminal threat and ensure that appropriate resources
are directed against it. For this reason, the construction or possession of EMPs should be made a
federal crime and a counter-EMP task force should be established with representation at every
JTTF (Carafano, 2010).

Black, S. (2006, November 3). Ghermezians take sole control of mall of america in $1B deal.
Minneapolis St. Paul Business Journal. Retrieved from:
Brown, J. (2011). Presidential policy directive 8 and the national preparedness system:
Background and issues for congress. Congressional Research Service, U.S. Congress. Retrieved
from Federation of American Scientists website:
Carafano, J. and Weitz, R. (2010). EMP attacks what the US must do now. The Heritage
Foundation. Retrieved from:
Department of Homeland Security (2011). National preparedness system. Retrieved from
Federal Emergency Management Agency website:
Department of Homeland Security (2008). Small vessel security strategy. Retrieved from DHS
Dix, J. et. al. (2003). Stability of atropine sulfate prepared for mass chemical terrorism.
University of Pittsburgh. Retrieved from:
Elwart, S. (2012, August 3). Low-tech emp to send U.S. back to stone age? Retrieved from
WND website:
Fluoride Action Network Pesticide Project (FANPP). (2012). Chemical weapons and/or their
precursors: Fluorinated and fluoride pesticides. Retrieved from FANPP website:
Flynn, S. (2007). The next attack. Washington Monthly. March 2007. Retrieved from:
Government Accountability Office (GAO). (2012). Civil air patrol involved in certain missions,
but dhs should assess the benefits of further involvement. Retrieved from:
Groves, J. (2012, November 28). Email Interview by J Wright [Personal Interview].
Perspectives on the chicago board options exchange.
Ignatius, D. (2008, December 3). Could a mumbai-style attack happen in the u.s.? Washington
Post. Retrieved from
Marcus, J. (2012, February 27). Analysis: How israel might strike at iran. Retrieved from BBC

References (contd)
Mumm, H. (2012, November 26). Email Interview by J Wright [Personal Interview]. US emp
vulnerability: A us senior intelligence officers perspective.
Owen, D. (2012, November 27). Email Interview by J Wright [Personal Interview]. Maritime
security shortfalls: A us coast guard officer's perspective.
Rabasa, A. (2009). The lessons of mumbai. Rand Corporation, Santa Monica, CA. Retrieved
from Rand Corporation website:
Schulz, G. et. al. (2011, September 11). Theyre watching at the mall of america. Star Tribune.
Retrieved from:
Troy Built Models (TBM), Inc. (2012). Sales listing for UAV Factory Penguin B. Retrieved
United States Code 22 2656f. (2012). Annual country reports on terrorism. U.S. Government
Printing Office, Washington, D.C. Retrieved from Cornell University website: